By Cudjoe Kpor
The electronic payment system crooks in Nigeria have hit it really big. An Integrated Payroll and Personnel Information System (IPPIS) was set up with high hopes to end treasury-looting, frauds, corruption and human resources malpractices in the public service. Specifically, ministries, departments and agencies (MDAs) of Federal Government were to be cleaned out. But defrauding via IPPIS has become an embarrassing, mind-boggling, chaotic, fraudulent scandal. The fraudsters who successfully by-passed the IPPIS control systems got blank cheques to write any amount they cared to steal. And they made away with a total of up to N3.3 trillion from the public till.
The e-crooks did not spare the public treasury at all. One example reads: “The imperfections in the IPPIS system have made the country lose huge sums of money, with the payment of N12 million each to 40 members of staff who were not (on) the payroll of the relevant MDAs,” the Auditor General of the Federation (AUGF), Mr Samuel Ukura said with the cold precision of an accounting professional.
Whether only one person made N12 million theft withdrawal from the treasury 40 times or 40 persons made the N12 million each, the AUGF did not say. All the crooks disappeared into thin air with their loot. But the curious question is, why was there no red flags raised at any of the agencies and departments which have any role to play in the security control systems of the IPPIS? Worse still, the IPPIS payroll system’s control mechanisms failed. The Accountant General of the Federation (AGF), to which the IPPIS boss reports, never raised any red flag about any of the hefty withdrawals either.
Five other public organisations monitor or control IPPIS input and output: The Office of the Head of Service (OHCSF), Federal Civil Service Commission (FCSC), Budget Office of the Federation (BOF) and Central Bank of Nigeria (CBN). None of them could raise any red flag alarming that the IPPIS system controls had gone haywire mostly for reasons the AGF gave in his 2014 annual report he presented to the National Assembly last week.
Now, only the most modern, security agencies of the most technologically advanced nations might be able to trace such cash haul and the culprits. But more than a year after the fraudsters looted N480 million and vanished without trace, perhaps miracles will still happen.
Then again, the small-time e-crooks also had their day looting the treasury through the IPPIS.: Mr Ukura wrote: “N330 million was paid to 300,000 people without following approved salary scale, while double payments of about N30 million was made within three months.”
If the N12m each withdrawals were so dissimulated that not even the banks could raise alarm with their red flags, how come as many as 300,000 payments were made without following approved salary scale and nobody anywhere who manages the system knew? These examples are huge frauds. But they only reflected the back doors left open in the software programming system by the e-crooks and their expert confederates.
Or rather, chaos. So, nearly eight years after the establishment of IPPIS as part of the civil service reforms, the AUGF’s report reveals more of systemic chaos. Add up the total looted public money to N3.3 trillion (about 75% of the annual budget of the country during the Goodluck Jonathan year) and it is a fraudulent scandal.
Until now, IPPIS, acronym for Integrated Payroll and Personnel Information System was set up to manage human resources to eliminate fraud from the public service. Best of all, it would ensure accurate headcount of public servants paid from public treasury. Also, it should ensure prompt payment of their salaries and other allowances directly into public servants’ bank accounts after making the appropriate deductions such as taxes, loans, co-operatives and pension contributions, among others.
In fact, till now, IPPIS has been extolled as the panacea Nigeria needs to get rid of frauds called “ghost workers” and “inflated payroll corru[tion.” Informed persons argue that ghost workers are nobody but the unqualified staff and personal aides of big men who do not want to pay them from their own pockets. So they call in the ministry, department and agency’s personnel officers and instruct them to insert the names of his unqualified aides as staff of public service with false names. Hence offloading them on to government payroll instead.
Otherwise, Dr Ngozi Okonjo-Iweala, immediate-past minister of Finance and coordinating minister for the Economy, had extolled IPPIS for exposing 62,893 “ghost workers” removed from the payrolls of MDAs, and saved the N208.7bn paid as salaries and benefits to them. This was just before the Jonathan government quit Aso Rock in May, last year.
On February 28, this year, her successor, Finance Minister Kemi Adeosun joined the praise-singers for IPPIS. The payroll bill for Federal Government was reduced by N2.3 billion in February, this year because 23,846 ghost workers were nabbed on it.
No wonder by October 7, last year, President Muhammadu Buhari was so convinced by the safe, secure system that he ordered all police, Armed Forces, universities and quasi-military organisations to be added to the IPPIS system, incidentally after the successful implementation of the Treasury Single Account (TSA) deadline went by on September 15, 2015.
On February 22, 2016, the Accountant-General of the Federation Ahmed Idris, told reporters in Kaduna during a training session for IPPIS staff that it so far has 402 MDAs on it and it planned to include all the para-military organisations on it by end of this month. “By December 31, all the over 800 MDAs funded by the treasury will be fully enrolled into the IPPIS programme,” Director of IPPIS Ibrahim Yusuf, added.
Idris had reiterated that the programme will enhance staff remuneration with minimal wastage, ascertained actual personnel emoluments of Federal employees and centralised the payroll systems which had addressed problems of multiple payment of staff and facilitated storage, updating and retrieval of personnel records for administrative and pension matters.
Indeed, Vice President Yemi Osinbajo told all the Permanent Secretaries last year that IPPIS will help to curtail abuses in the processes of payment of salaries and emoluments’ processes of the government.”
Available statistics showed that as at May 2014, there were 257,516 employees on IPPIS payroll from 308 MDAs. In addition were 17 Teaching Hospitals, 10 colleges of Agriculture and Veterinary Science, among others.
As at now, the software developers are silent. The five global ICT giants in Soft Alliance which developed the software are Oracle, in partnership with Sun Microsystems, IBM, Microsoft and HP. While the Soft Alliance is extolling its savings of N208.7bn savings, the AUGF’s report exposed N3.3 trillion fraud leaking through the system to fraudsters from April, 2007, when the system took off, to December 2014. The savings by the Soft Alliance, are therefore an insignificant 0.063 per cent of the looted treasury.
A mind boggling scandal!
It is unclear why AUGF did not make its audit reports annual presentations. At least, if presented last year, some of the blatant looters might be nabbed easily. Especially those which use ATM transactions with their photos snapped at the terminals. Now, a whole year passed from the time the easy looting was perpetrated to this time when the Auditor General made its exposure public. Even the fraudsters who did not loot by Internet VOIP could be anywhere else in the world luxuriating in easy “awoof” money.
Worst of all, unless there is any way of pinpointing accurately who used which password to steal how much, the culprits must be sifted from tens to hundreds of suspects. They would include all the staff and executives of both Soft Alliance and IPPIS secretariat, their family members, cronies and associates, executives of other government agencies who had access to the database.
For instance, the system was so compromised IPPIS secretariat was unaware of the looting, AGF was shunted, so were HOS, FCSC, BOF and CBN and the private banks shunted. The looters had blank cheques to loot any amount they wished. Of course the reputable global ICT companies which partnered to form the Soft Alliance on Oracle platform would know this is the worst insider job since Nigeria’s independence.
But the courts may be faced with resolving conflicts about whether it was system failure, hence negligence by the multinationals or system abuse by any of the government agencies linked directly or indirectly to IPPIS staff, be they foreigners or Nigerians.
AUGF’s diagnosis of IPPIS failure came under two headings: Password uniqueness and adequacy: Staff of Soft Alliance Limited have unhindered access to the database. They set up new users and change live data. The password controls for access to IPPIS were not adequate. The database could even be accessed from anywhere in the world via Internet VOIP. No password to access the IPPIS database expires after specified time, say 90 days. So, retired government officials could access the database even after leaving office.
Then there was failure of the security controls: The same usernames and passwords were shared by several users with many using ‘consultant’ or ‘technical.’ No restriction on the number of sign-in attempts. Worst, audit trail for the IPPIS was not enabled; so it is not always possible to trace which user made particular inputs or changes. “For example, fraudulent transactions cannot be traced to a particular user,” AGF said.
In summary, to minimise e-crooks’ frauds, Ukuru recommended activation of application controls, completeness, duplicate and reasonableness checks. But above all, the ability to create new users on the system must be adequately protected and restricted to a few ‘super users only.
All these would ensure that there would be system triggers to raise red flags when the e-crooks strike. Of course with stringent integrity checks to ensure that the fraudsters are not employed in the IPPIS secretariat to start with.
So far, the only objection to the AUGF’s report came from Group Executive Director, Finance and Accounts Isiaka Abdulrazaq, NNPC who said the oil giant owes the Federation Accounts Allocation Committee (FAAC) N326 billion and not N3.32 trillion reported by AUGF.
But he was silent about AUGF’s accusation that Nigeria Liquified Natural Gas (NLNG) sold for N47.1 billion ($235,685,861) and transferred into “some undisclosed escrow accounts” was not paid into FAAC. We await the final word from the AUG’s audit investigation.
